Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 105759

Summary: dev-libs/libprelude[db] suffers from RPATH issues
Product: Gentoo Security Reporter: Jason Wever (RETIRED) <weeve>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 81745    

Description Jason Wever (RETIRED) gentoo-dev 2005-09-12 21:21:21 UTC
dev-libs/libpreludedb-0.9.0_rc13 appears to suffer from the RPATH issues in bug
81745.  Build failure is as follows;

make[1]: Leaving directory
`/var/tmp/portage/libpreludedb-0.9.0_rc13/work/libpreludedb-0.9.0-rc13'
rm: cannot remove
`/var/tmp/portage/libpreludedb-0.9.0_rc13/image//usr/lib/perl5/5.8.6/i686-linux/perllocal.pod':
No such file or directory
man:
prepallstrip:
strip: sparc-unknown-linux-gnu-strip --strip-unneeded
   usr/lib/libpreludedb.so.0.0.0
   usr/lib/libpreludedb/plugins/sql/mysql.so
   usr/lib/libpreludedb/plugins/sql/pgsql.so
   usr/lib/libpreludedb/plugins/formats/classic.so
   usr/lib/perl5/site_perl/5.8.7/sparc-linux/auto/PreludeDB/PreludeDB.so
   usr/lib/python2.4/site-packages/_preludedb.so
   usr/bin/preludedb-admin
making executable: /usr/lib/libpreludedb.so.0.0.0

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/libpreludedb-0.9.0_rc13/work/libpreludedb-0.9.0-rc13/bindings/perl/../../src/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/sparc-linux/auto/PreludeDB/PreludeDB.so


!!! ERROR: dev-libs/libpreludedb-0.9.0_rc13 failed.
!!! Function dyn_install, Line 1044, Exitcode 0
!!! Insecure binaries detected
!!! If you need support, post the topmost build error, NOT this status message.
Comment 1 Daniel Black (RETIRED) gentoo-dev 2005-09-14 05:13:38 UTC
good news - rc13 doesn't exist any more 
better news rc14 and 15 aren't affected 
 
bad news 
rc14 and rc15 now do stuffed up install paths 
/var/tmp/portage/libprelude-0.9.0_rc14/image/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Prelude/Prelude.so 
/var/tmp/portage/libprelude-0.9.0_rc15/image/var/tmp/portage/libprelude-0.9.0_rc15/image/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Prelude/Prelude.so 
 
Marcelo? emerge with USE=perl 
Comment 2 Marcelo Goes (RETIRED) gentoo-dev 2005-09-15 09:42:37 UTC
Daniel, I think you're confusing libpreludedb with libprelude. The stuffed up
path looks like yet a new problem :-/.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-09-21 05:35:08 UTC
Reporter : could you please check that it still happens after the latest Perl
upgrade...
Comment 4 Jason Wever (RETIRED) gentoo-dev 2005-09-21 09:40:12 UTC
No change here with the latest perl update.  I tried rebuilding libpreludedb as
well since that is a dependency of libpreludedb and also uses perl but no
changes.  The error is still as originally posted.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-09-23 13:42:49 UTC
*** Bug 107017 has been marked as a duplicate of this bug. ***
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-09-23 13:44:39 UTC
From bug 107017 :

According to portage, the recently committed dev-libs/libprelude-0.9.0 [still]
suffers from RPATH issues;

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/libprelude-0.9.0/work/libprelude-0.9.0/bindings/perl/../../src/.libs
usr/lib/perl5/site_perl/5.8.7/sparc-linux/auto/Prelude/Prelude.so


!!! ERROR: dev-libs/libprelude-0.9.0 failed.
!!! Function dyn_install, Line 1044, Exitcode 0
!!! Insecure binaries detected
!!! If you need support, post the topmost build error, NOT this status message.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-29 05:36:43 UTC
netmon please advise 
Comment 8 Daniel Black (RETIRED) gentoo-dev 2005-09-30 21:43:00 UTC
Fixed in libpreludedb-0.9.0-r1.ebuild and libprelude-0.9.0-r1.ebuild 
and reported upstream 
https://trac.prelude-ids.org/ticket/101 
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-10-01 02:53:32 UTC
dragonheart: many thx.
Is 0.9.0 a stable candidate and what should arch stableize (is libprelude enough
or should they also mark other prelude*-0.9.0 as well) ?
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-10-01 04:32:23 UTC
Only unstable versions were affected by this bug, so closing without GLSA